plat-mediatek: define memory range

This patch registers the non-secure memory to support dynamic shm
registering.

The default RAM size has been set to 1 GiB and default RAM base
address set to 0x40

plat-mediatek: define memory range

This patch registers the non-secure memory to support dynamic shm
registering.

The default RAM size has been set to 1 GiB and default RAM base
address set to 0x40000000.
These values can be changed at compilation via CFG_DRAM_SIZE and
CFG_DRAM_BASE.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Julien Masson <jmasson@baylibre.com>

show more ...

config: add flag CFG_WARN_INSECURE

OP-TEE is a reference implementation for developers and device
manufacturers, which implies that there always is a need to fill in
missing pieces that cannot be do

config: add flag CFG_WARN_INSECURE

OP-TEE is a reference implementation for developers and device
manufacturers, which implies that there always is a need to fill in
missing pieces that cannot be done generically. The chipmakers often
have additional security configurations those needs to be configured
according to the chipmakers security guidelines and security
specifications.

To reduce the likelihood of running a vanilla configured OP-TEE we
introduce the flag CFG_WARN_INSECURE that will give warning messages in
the boot saying that the OP-TEE runs a configuration that might be
insecure. The intention is that the device manufacturer making the end
products should change the flag to "n" after implementing stubbed
functionality in OP-TEE and configuring their device according to the
chipmakers security guidelines and security specifications.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-sam: enable clock framework support

Enable clock framework support to be able to build sama5d2 clock tree.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Clément Léger <cleme

plat-sam: enable clock framework support

Enable clock framework support to be able to build sama5d2 clock tree.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: sam: add at91_utmi clock driver

Add driver for UTMI clock.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Acked-by: Boris Br

drivers: sam: add at91_utmi clock driver

Add driver for UTMI clock.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Acked-by: Boris Brezillon <bbrezillon@kernel.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: sam: add at91_i2s_mux clock driver

Add driver for I2S mux clock.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-b

drivers: sam: add at91_i2s_mux clock driver

Add driver for I2S mux clock.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: imx: enable CFG_TZC380 for imx6ull

Always enable the region autoconfiguration for imx6ull.

Signed-off-by: Andrej Rosano <andrej.rosano@f-secure.com>
Acked-by: Jerome Forissier <jerome@fori

drivers: imx: enable CFG_TZC380 for imx6ull

Always enable the region autoconfiguration for imx6ull.

Signed-off-by: Andrej Rosano <andrej.rosano@f-secure.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: mmu: fix overflow with high address in tee_mm_pool_t

In case of TA_RAM defined at the end of address range,
the high address will be defined outside the paddr_t limits
which ends in a 0 addres

core: mmu: fix overflow with high address in tee_mm_pool_t

In case of TA_RAM defined at the end of address range,
the high address will be defined outside the paddr_t limits
which ends in a 0 address usage.
The size must be used rather than the high address to
avoid this overflow issue. Update the corresponding files due
to API modification.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: verify size of allocated shared memory

Makes sure that normal world cannot change the size of allocated shared
memory, resulting in a smaller buffer being allocated.

This reintroduces cc6bc5f

core: verify size of allocated shared memory

Makes sure that normal world cannot change the size of allocated shared
memory, resulting in a smaller buffer being allocated.

This reintroduces cc6bc5f94210 ("core: verify size of allocated shared
memory") which was lost with Fixes: 2786f1438fc8 ("core: thread:
separate old SMC interface handling"). In addition is the READ_ONCE()
macro is used when reading the returned size from non-secure shared
memory.

Since then we have a separate set of functions to deal with RPC when
communicating with FF-A. A corresponding size check is added for the
FF-A version of thread_rpc_alloc().

Reported-by: Patrik Lantz <patrik.lantz@axis.com>
Reviewed-by: Patrik Lantz <patrik.lantz@axis.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pm: add a name to registered pm_callback_handle

Adds an argument to register a name (string debug identifier) for
PM handlers registered to PM framework.

Caller can provide a NULL reference o

core: pm: add a name to registered pm_callback_handle

Adds an argument to register a name (string debug identifier) for
PM handlers registered to PM framework.

Caller can provide a NULL reference or a valid string pointer. When pager
is enabled, the registration ensures the name lies in an unpaged section,
possibly allocating heap for that purpose.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gatien Chevallier <gatien.chevallier@st.com>

show more ...

plat-stm32mp1: clk: panic on driver init failure

Panic when stm32mp1 clock driver initialization fails.

Renames local function stm32mp1_clk_init() to stm32mp1_clk_fdt_init()
as it relates the drive

plat-stm32mp1: clk: panic on driver init failure

Panic when stm32mp1 clock driver initialization fails.

Renames local function stm32mp1_clk_init() to stm32mp1_clk_fdt_init()
as it relates the driver initialization from FDT node content.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: clk: move functions in source file

Moves __clk_is_enabled() and gate_is_non_secure() inside
stm32mp1_clk.c source file to ease integration to clk framework.

Acked-by: Jerome Forissie

plat-stm32mp1: clk: move functions in source file

Moves __clk_is_enabled() and gate_is_non_secure() inside
stm32mp1_clk.c source file to ease integration to clk framework.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: clk: fix const attribute in function arguments

Fixes __clk_enable(), __clk_disable() and __clk_is_enabled()
arguments against misplaced const attribute.

Acked-by: Jerome Forissier <j

plat-stm32mp1: clk: fix const attribute in function arguments

Fixes __clk_enable(), __clk_disable() and __clk_is_enabled()
arguments against misplaced const attribute.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: clk: refine always on clocks

Change implementation of clock_is_always_on() to prepare
for registration of clock in the generic clock framework.

Acked-by: Jerome Forissier <jerome@for

plat-stm32mp1: clk: refine always on clocks

Change implementation of clock_is_always_on() to prepare
for registration of clock in the generic clock framework.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: clk: remove useless static array

Local array secure_enable[] in function enable_static_secure_clocks()
does not need to be static.

Acked-by: Jerome Forissier <jerome@forissier.org>
S

plat-stm32mp1: clk: remove useless static array

Local array secure_enable[] in function enable_static_secure_clocks()
does not need to be static.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: enable CRYPTO HW if available

Compile crypto framework and use CRYP1 ip if available.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Reviewed-by: Etienne Carriere

plat-stm32mp1: enable CRYPTO HW if available

Compile crypto framework and use CRYP1 ip if available.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: kernel: use size_t instead of ssize_t for _fdt_reg_size()

Size is read from the reg device tree property as an unsigned value
coming from fdt32_to_cpu().
Use a size_t with associated error cod

core: kernel: use size_t instead of ssize_t for _fdt_reg_size()

Size is read from the reg device tree property as an unsigned value
coming from fdt32_to_cpu().
Use a size_t with associated error code DT_INFO_INVALID_REG_SIZE as
return in prototype. Update the current users according to this change.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: platform: use HUK derived from PUF KEK for RPMB

Enable the RPMB key when the HUK is generated from the PUF KEK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Sa

zynqmp: platform: use HUK derived from PUF KEK for RPMB

Enable the RPMB key when the HUK is generated from the PUF KEK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the PUK KEK to generate the
HUK instead. The PUF KEK must be registered while securing the board
using the Xilinx tools. In this case, the HUK is generated by reading
the DNA eFuses. This 96 bits value is used to generate a 16 byte
digest which is then AES-GCM encrypted using the PUF KEK. The
resulting 16 byte value is the HUK. To prevent the HUK from being
leaked, the AES-GCM module must be reserved.

The HUK generation was validated on Zynqmp zu3cg using the Xilinx
Lightweight Provisioning Tool to enable authenticated boot and to
provision the PUF (burning a number of eFuses in the process).

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be bu

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be built with -DENABLE_EFUSE_ACCESS=1.

Notice however that certain eFuses will not be available unless the
Xilskey library linked to the PMUFW is compiled removing some of those
security restrictions.

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system will only boot ROM authenticated bootloaders
from here on).

The main use case for OP-TEE would be to encode the zynqmp per device
unique identifier (DNA0, DNA1, DNA2 eFUSEs - ie, a red key) using the
KEK. The encryption key generated this way is cryptographically strong
and will be used as the device HUK (ie, black key).

Test code:

csu_aes_encrypt_data(src, dst, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
csu_aes_decrypt_data(dst, src, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
if (memcmp(src, buffer, BLOB_DATA_SIZE)) {
EMSG(" - encrypt/decrypt test failed");

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-of

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The KEK is only available once the board has been secured via
programmable eFUSES (RSA_EN authentication via the PPK fuses).

Registering the PUF should be done using the Xilinx tools so the
adequate eFUSES are written.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: register the CSU memory with the platform

The CSU memory block that will be mapped from different drivers (ie,
PUF, AES-GCM, SHA..)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
R

zynqmp: register the CSU memory with the platform

The CSU memory block that will be mapped from different drivers (ie,
PUF, AES-GCM, SHA..)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: define the STACK_ALIGNMENT in terms of CACHELINE

Explicitily define the cache line length

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carrier

zynqmp: define the STACK_ALIGNMENT in terms of CACHELINE

Explicitily define the cache line length

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: add base address definitions

Add the base address definitions for the CSU and the CSUDMA modules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa

zynqmp: add base address definitions

Add the base address definitions for the CSU and the CSUDMA modules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...